The pull_request_target event is one of the most commonly misused triggers in GitHub Actions, leading to vulnerabilities in workflows. Workflows triggered by pull_request_target run with the base repository’s GITHUB_TOKEN, secrets, and default-branch cache access. Checking out the head of an unreviewed pull request from a fork inside one of these workflows typically lets attacker-controlled code execute with the workflow’s full privileges. This pattern is known as a “pwn request,” and it has been the root cause of multiple supply-chain incidents across the ecosystem. For more information, see our blog posts about helping to prevent these requests.

Starting today, actions/checkout v7 is generally available and refuses common pwn request patterns by default.

On July 16, 2026, we’ll backport the enforcement to all currently supported major versions. Workflows pinned to a floating major tag (e.g., actions/checkout@v4) will automatically pick up the change. Workflows pinned to a specific SHA, minor, or patch version aren’t affected by the backport and will need to upgrade using Dependabot or through established upgrade processes.

Same-repository pull requests aren’t affected, and the pull_request event is unchanged.
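An added example (not GitHub's code, and not the checks actions/checkout itself performs): a line-based heuristic that lists the checkout steps in a pull_request_target workflow, flags those that reference the pull request head, and classifies each pin so you can see which ones a floating-major backport would reach. The regexes, function names and sample workflow are constructed for illustration.

```python
import re

# Heuristic audit constructed for this example; it is not a YAML parser.
TRIGGER = re.compile(r"^\s*(-\s*)?pull_request_target\s*:?\s*$|^\s*on\s*:.*\bpull_request_target\b")
CHECKOUT = re.compile(r"uses:\s*actions/checkout@(\S+)")
HEAD_REF = re.compile(r"github\.event\.pull_request\.head\b|github\.head_ref\b|refs/pull/")
STEP_START = re.compile(r"^\s*-(\s|$)")
PIN_KINDS = [("sha", r"[0-9a-f]{40}"), ("floating-major", r"v\d+"),
             ("minor-or-patch", r"v\d+\.\d+(\.\d+)?")]

def pin_kind(ref):
    """Classify a checkout pin; only floating major tags pick up a backport."""
    return next((kind for kind, pat in PIN_KINDS if re.fullmatch(pat, ref)), "other")

def audit(workflow_text):
    """Return one finding per actions/checkout step in a pull_request_target workflow."""
    lines = [re.sub(r"(^|\s)#.*$", "", l).rstrip() for l in workflow_text.splitlines()]
    if not any(TRIGGER.search(l) for l in lines):
        return []  # other triggers, including pull_request, are out of scope
    findings, step = [], []
    for no, line in enumerate(lines + ["-"], start=1):  # sentinel flushes the last step
        if STEP_START.match(line) and step:
            body = "\n".join(text for _, text in step)
            m = CHECKOUT.search(body)
            if m:
                findings.append({"step_line": step[0][0], "pin": m.group(1),
                                 "pin_kind": pin_kind(m.group(1)),
                                 "checks_out_pr_head": bool(HEAD_REF.search(body))})
            step = []
        step.append((no, line))
    return findings

# Constructed sample workflow: the first step checks out the PR head.
SAMPLE = """\
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: base checkout
        uses: actions/checkout@v4.1.1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with `checks_out_pr_head` set and a `pin_kind` of `sha` or `minor-or-patch` marks a step that will keep its current behavior until the pin is upgraded.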